Where to begin with openziti?

I uploaded a demo video for you with two services. One is the eth0.me demo (traffic egresses the overlay on the AWS machine); the other is a private HTTP server example (a host that has no route from the client at all).

Here’s the video:

Here are the exact commands I copied and pasted. You will need to change the IP address referenced below (172.31.50.50) to that of your own private server. In my setup the VPC SSH/HTTP server was totally private: it had no public address and was reachable only from the AWS machine running the tunneler.

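# --- Identities ---------------------------------------------------------------
# Each end of the overlay gets its own identity. `ziti edge create identity`
# runs wherever the `ziti` CLI is logged in to the controller and writes a
# one-time enrollment JWT. `ziti edge enroll` consumes that JWT and writes
# <name>.json, which holds the identity's private key and certificate —
# treat that file like an SSH private key.

# On the AWS machine: create and enroll the `aws.private.id` identity. This is
# the identity that will Bind (host) the services, i.e. traffic exits the
# overlay here.
ziti edge create identity device aws.private.id -o aws.private.id.jwt
ziti edge enroll aws.private.id.jwt && rm -f aws.private.id.jwt   # JWT is a one-time token; nothing needs it afterwards
chmod 600 aws.private.id.json   # key material: owner-readable only

# Start the tunneler on the AWS/private Linux machine. sudo is required because
# the tunneler needs root for its tun device / DNS and routing changes.
sudo ./ziti-edge-tunnel run -i ./aws.private.id.json

# On the 'local/linux' machine: create and enroll `private.client.id`. This is
# the identity that will Dial (consume) the services.
ziti edge create identity device private.client.id -o private.client.id.jwt
ziti edge enroll private.client.id.jwt && rm -f private.client.id.jwt
chmod 600 private.client.id.json

# Start the tunneler on the local Linux machine.
sudo ./ziti-edge-tunnel run -i private.client.id.json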

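# --- Overlay objects ----------------------------------------------------------
# ssh to the AWS machine (or wherever the `ziti` CLI can log in to the
# controller) and create the overlay objects. One service consists of:
#   * a host.v1 config      - where the Bind identity forwards traffic to
#   * an intercept.v1 config - the address/port the Dial identity's tunneler captures
#   * the service itself, tying the two configs together
#   * a Bind policy and a Dial policy, scoping who may host and who may consume it
zitiLogin   # helper from the quickstart scripts; logs the CLI in to the controller

# create_overlay_service NAME INTERCEPT_HOST TARGET_HOST
#   Creates the configs, service and Bind/Dial policies for one TCP/80 service.
#   Both policies use '@identity' roles (not '#all'), so only aws.private.id
#   can host the service and only private.client.id can reach it.
create_overlay_service() {
  local name=$1 intercept_host=$2 target_host=$3
  local host_cfg intercept_cfg
  host_cfg=$(printf '{"protocol":"tcp", "address":"%s","port":80}' "$target_host")
  intercept_cfg=$(printf '{"protocols":["tcp"],"addresses":["%s"], "portRanges":[{"low":80, "high":80}]}' "$intercept_host")

  ziti edge create config "${name}.host.v1" host.v1 "$host_cfg"
  ziti edge create config "${name}.intercept.v1" intercept.v1 "$intercept_cfg"
  ziti edge create service "$name" --configs "${name}.intercept.v1,${name}.host.v1"
  ziti edge create service-policy "${name}.binding" Bind --service-roles "@${name}" --identity-roles '@aws.private.id'
  ziti edge create service-policy "${name}.dialing" Dial --service-roles "@${name}" --identity-roles '@private.client.id'
}

# eth0: egress to the public eth0.me echo service via the AWS machine
create_overlay_service eth0 eth0.discourse.ziti eth0.me

# private.http: the HTTP server on the private VPC host (change this IP to yours)
create_overlay_service private.http private.http.discourse.ziti 172.31.50.50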

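# --- Start a test HTTP server on the private host ----------------------------
# From the AWS machine, ssh on to the private HTTP server (VPC-private address).
ssh 172.31.50.50

# Serve an empty scratch directory, NOT your home directory: the server runs as
# root (it needs port 80) and exposes everything under its working directory to
# any identity allowed to Dial the service (think ~/.ssh, ~/.aws/credentials).
# nohup + & lets you exit the ssh session and leave it running.
# (On a Python 3 host use `sudo nohup python3 -m http.server 80 ...` instead.)
mkdir -p ~/ziti-demo-www && cd ~/ziti-demo-www
echo 'hello from the private http server' > index.html
sudo nohup python -m SimpleHTTPServer 80 > ~/http.log 2>&1 &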

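# --- Test from the local machine ----------------------------------------------
# The local tunneler intercepts the *.discourse.ziti names defined above and
# carries the traffic over the overlay to aws.private.id, which opens the real
# connection — so the local machine never needs a route to the target.
curl eth0.discourse.ziti
# expected: the *AWS machine's* public IP, not your local one (eth0.me echoes
# the caller's address and the connection egresses from aws.private.id), e.g.
#   18.188.201.183

# now the private http server, which the local machine cannot reach directly at all
curl private.http.discourse.ziti

# and from Chrome (or any browser) on the local machine:
#   http://private.http.discourse.ziti/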


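# --- Cleanup (optional) -------------------------------------------------------
# Stop both ziti-edge-tunnel processes first (Ctrl-C), then delete in reverse
# order of creation — policies -> service -> configs, then identities — so no
# object is removed while another still references it.
for svc in eth0 private.http; do
  ziti edge delete service-policy "${svc}.dialing"
  ziti edge delete service-policy "${svc}.binding"
  ziti edge delete service "$svc"
  ziti edge delete config "${svc}.intercept.v1"
  ziti edge delete config "${svc}.host.v1"
done

# Once an identity is deleted it can no longer authenticate; the matching
# *.json files left on the two machines are dead key material — remove them too.
ziti edge delete identity private.client.id
ziti edge delete identity aws.private.id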